Question No: 61 – (Topic 1)

Which event happens when a wireless client connects to a Cisco 5760 Converged Access Controller with a WLAN configured for AAA override enabled and an invalid VLAN (not configured on the Cisco 5760) is returned as part of RADIUS accept message by the Cisco ISE server?

The client is marked as associated and DHCP required state.

The client is marked as authenticated but does not get an IP address.

The client is put in exclusion list by the WLC.

The client is put in the RUN state and is mapped to the wireless management VLAN.

Question No: 66 – (Topic 1)

FlexConnect APs have already been deployed in a branch office for local switching. Currently the WLAN in the large auditorium is proposed to change to a high-density design and thus some low data rates are proposed to be disabled while keeping the data rates in other areas under the same Cisco WLC. Which two configuration settings must be modified in the Cisco WLC to achieve this configuration? (Choose two.)

A mobility agent manages AP connectivity, CAPWAP tunnel terminations from APs and builds a database of client stations (endpoints) that are served locally as well as roamed from an Anchor WLC. Mobility agent can be either a Catalyst 3850 or a CT5760 mobility controller with an internal mobility agent running on it.

Mobility Controller:

A mobility controller provides mobility management tasks including inter-SPG roaming, RRM, and guest access. Mobility roaming, where a wireless client moves from one physical location to another without losing connectivity and services at any time, can be managed by a single mobility controller if roaming is limited to a mobility sub-domain. Roaming beyond a mobility sub-domain can be managed by multiple mobility controllers in a mobility group. The mobility controller is responsible for caching the Pairwise Master Key (PMK) of all clients on all the mobility controllers, enabling fast roaming of the clients within its sub- domain and mobility group. All the mobility agents in the sub-domain form CAPVVAP mobility tunnels to the mobility controller and report local and roamed client states to the mobility controller. The mobility controller builds a database of client stations across all the mobility agents.

Mobility Oracle

Mobility oracle further enhances mobility scalability and performance by coordinating roaming activities among multiple mobility groups, which removes the need for N2 communications between mobility controllers in different mobility groups to improve efficiency and performance.

Mobility Sub-domain

Multiple SPGs can be grouped together and collectively managed as a mobility sub- domain. One mobility controller is required for each mobility sub-domain.

Switch Peer Group

The Converged Access deployment defines an SPG as a logical group of mobility agents within one mobility controller (or mobility sub-domain). The main advantage of configuring SPGs is to constrain the roaming traffic to switches that form the SPG. When the mobility agents are configured in one SPG on the mobility controller, the software automatically forms full mesh CAPWAP tunnels between the mobility agent switches.

These CAPWAP tunnels can be formed in a multi-layer network design (where the mobility agent switches are L2 adjacent on a VLAN spanned across) or a routed access design (where the mobility agent switches are L3 adjacent).

The SPGs should be designed as a group of mobility agent switches to where the users frequently roam.

Question No: 70 – (Topic 1)

When a Flex Connect AP is in the quot;local authentication, local switchingquot; state, it handles client authentication and switches client data packets locally. This state is valid in standalone mode and connected mode. Which three statements about a FlexConnect AP are true? (Choose three).

In connected mode, the AP provides minimal information about the locally authenticated client to the controller. This information is not available on the controller policy type. Access VLAN. VLAN name, supported rates. Encryption ciphter.

In connected mode, the access point provides minimal information about the locally authenticated client to the controller. However, this information is available to the controller policy type., access VLAN, VLAN name, supported rates, encryption cipher.

Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth of 128 kbps with the round-trip latency no greater than 100 ms and the maximum transmission unit no smaller than 576 bytes.

Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth of 128 kbps with the round-trip latency no greater than 150 ms and the maximum transmission unit no higher than 500 bytes.

Local authentication in connected mode does not require any WLAN configuration.

Local authentication can be enabled only on the WLAN of a FlexConnect AP that is in local switching mode.